1 | <?php |
2 | |||
3 | namespace Alpixel\Bundle\MediaBundle\DataFixtures\ORM; |
4 | |||
5 | use Alpixel\Bundle\MediaBundle\Services\MediaManager; |
6 | use Faker\Provider\Base as BaseProvider; |
7 | use Symfony\Component\Filesystem\Filesystem; |
8 | use Symfony\Component\Finder\Finder; |
9 | use Symfony\Component\HttpFoundation\File\Exception\FileNotFoundException; |
10 | use Symfony\Component\HttpFoundation\File\File; |
11 | |||
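class MediaProvider extends BaseProvider
{
    /** Distinct images kept per dimension bucket before the cache is served instead of the network. */
    const IMAGE_CACHE_SIZE = 3;

    /** Upper bound on download/cache rounds before randomImage() gives up instead of looping forever. */
    const MAX_IMAGE_ATTEMPTS = 5;

    /** Seconds allowed for a whole download (same budget the original code used). */
    const DOWNLOAD_TIMEOUT = 10;

    /** @var MediaManager */
    protected $mediaManager;

    /**
     * NOTE(review): the parent Faker Base constructor is not called, so the inherited
     * generator is never set — presumably fine because nothing here uses it; confirm
     * before relying on Base helpers in subclasses.
     */
    public function __construct(MediaManager $mediaManager)
    {
        $this->mediaManager = $mediaManager;
    }

    /**
     * @deprecated use randomImage() instead; kept for callers of the old name.
     */
    public function randomMedia($width = null, $height = null, $type = 'color')
    {
        return $this->randomImage($width, $height, $type);
    }

    /**
     * Returns a random picture uploaded through the MediaManager.
     *
     * A missing dimension is derived with a 4:3 ratio (see fetchDimensions()). Once a
     * dimension bucket holds IMAGE_CACHE_SIZE pictures, one of them is served from the
     * local cache instead of being downloaded again. Responses that are not images
     * (error pages, empty bodies) are discarded — and evicted from the cache when they
     * came from there — rather than cached and retried indefinitely.
     *
     * @param int|null $width
     * @param int|null $height
     * @param string   $type   'color' for colour pictures, anything else for greyscale
     *
     * @return mixed whatever MediaManager::upload() returns
     *
     * @throws \RuntimeException when no image could be obtained within MAX_IMAGE_ATTEMPTS
     */
    public function randomImage($width = null, $height = null, $type = 'color')
    {
        $dimensions = ['w' => $width, 'h' => $height];

        for ($attempt = 0; $attempt < self::MAX_IMAGE_ATTEMPTS; $attempt++) {
            $dimensions = $this->fetchDimensions($width, $height);
            $key = $dimensions['w'] . '-' . $dimensions['h'];

            $file = $this->fetchFromCache($key);
            $fromCache = $file !== null;
            if (!$fromCache) {
                try {
                    $file = $this->downloadMedia($this->generateUrl($dimensions, $type), 'jpg');
                } catch (\RuntimeException $e) {
                    continue; // transport failure: try again (possibly with another random size)
                }
            }

            if ($this->isImage($file)) {
                if (!$fromCache) {
                    $this->storeInCache($key, $file);
                }

                return $this->mediaManager->upload($file);
            }

            // Not an image: drop the working copy, and the cache entry it came from,
            // so the same bad payload is not served on the next round.
            $this->removeFile($file->getPathname());
            if ($fromCache) {
                $this->removeFile($this->cacheDirectory($key) . '/' . $file->getFilename());
            }
        }

        throw new \RuntimeException(sprintf(
            'Unable to obtain a %sx%s image after %d attempts.',
            $dimensions['w'],
            $dimensions['h'],
            self::MAX_IMAGE_ATTEMPTS
        ));
    }

    /**
     * Returns a sample document of the given type uploaded through the MediaManager.
     *
     * The file is downloaded once per type and then served from the local cache; it is
     * only written to the cache right after a download (the original re-copied it on
     * every call).
     *
     * @param string $fileType extension of the wanted file, e.g. 'pdf'; also used as cache key suffix
     *
     * @return mixed whatever MediaManager::upload() returns
     *
     * @throws \RuntimeException when the download fails
     */
    public function randomFile($fileType)
    {
        $key = 'file-' . $fileType;

        $file = $this->fetchFromCache($key);
        if ($file === null) {
            $file = $this->downloadMedia($this->sampleFileUrl($fileType), $fileType);
            $this->storeInCache($key, $file);
        }

        return $this->mediaManager->upload($file);
    }

    /**
     * URL of the sample document for a file type.
     *
     * Only 'pdf' has a dedicated sample; every other type falls back to it, exactly as
     * the original switch/default did.
     *
     * @param string $fileType
     *
     * @return string
     */
    protected function sampleFileUrl($fileType)
    {
        $urls = [
            'pdf' => 'https://symfony.com/pdf/Symfony_book_master.pdf',
        ];

        return isset($urls[$fileType]) ? $urls[$fileType] : $urls['pdf'];
    }

    /**
     * Completes the requested dimensions with a 4:3 ratio.
     *
     * - only one dimension given: the other is derived from it;
     * - both given: both are kept (the original code discarded them and picked random ones);
     * - none given: a random width among 800/1200/1600 and the matching height.
     *
     * @param int|null $width
     * @param int|null $height
     *
     * @return array{w:int, h:int}
     */
    protected function fetchDimensions($width = null, $height = null)
    {
        if ($width === null && $height !== null) {
            $width = (int) round($height * 4 / 3);
        } elseif ($width !== null && $height === null) {
            $height = (int) round($width * 3 / 4);
        } elseif ($width === null) {
            $candidates = [800, 1200, 1600];
            $width = $candidates[array_rand($candidates)];
            $height = (int) round($width * 3 / 4);
        }

        return ['w' => (int) $width, 'h' => (int) $height];
    }

    /**
     * Builds the loremflickr URL for the given dimensions and a random keyword.
     *
     * Uses HTTPS so the payload that ends up on disk and in the MediaManager cannot be
     * swapped in transit. The keyword list fixes the 'moutains' typo of the original.
     *
     * @param array{w:int|string, h:int|string} $dimensions
     * @param string                            $type       'color' or greyscale otherwise
     *
     * @return string
     */
    protected function generateUrl($dimensions, $type = 'color')
    {
        $categories = ['abstract', 'city', 'nature', 'mountains'];
        $keyword = $categories[array_rand($categories)];

        return sprintf(
            'https://loremflickr.com/%s%d/%d/%s/',
            $type !== 'color' ? 'g/' : '',
            $dimensions['w'],
            $dimensions['h'],
            $keyword
        );
    }

    /**
     * Downloads $url into a fresh temporary file and returns it.
     *
     * The body is streamed straight to disk (no full copy in memory), only http/https
     * are allowed for the request and its redirects, HTTP error statuses are treated as
     * failures, and a failed transfer leaves no half-written file behind.
     *
     * @param string $url
     * @param string $ext  extension for the temporary file; anything outside [A-Za-z0-9_-] is stripped
     *
     * @return File
     *
     * @throws \RuntimeException when the transfer fails or no temporary file can be created
     */
    protected function downloadMedia($url, $ext)
    {
        $ext = preg_replace('/[^A-Za-z0-9_-]/', '', (string) $ext);
        list($filepath, $fp) = $this->createTempFile('.' . $ext);

        $ch = curl_init($url);
        curl_setopt_array($ch, [
            CURLOPT_FILE => $fp,
            CURLOPT_HEADER => 0,
            CURLOPT_TIMEOUT => self::DOWNLOAD_TIMEOUT,
            CURLOPT_FOLLOWLOCATION => 1,
            CURLOPT_MAXREDIRS => 5,
            CURLOPT_PROTOCOLS => CURLPROTO_HTTP | CURLPROTO_HTTPS,
            CURLOPT_REDIR_PROTOCOLS => CURLPROTO_HTTP | CURLPROTO_HTTPS,
            CURLOPT_FAILONERROR => 1, // 4xx/5xx must not be cached as "media"
            CURLOPT_USERAGENT => 'Mozilla/5.0',
        ]);
        $ok = curl_exec($ch);
        $error = curl_error($ch);
        curl_close($ch);
        fclose($fp);

        if ($ok === false) {
            $this->removeFile($filepath);

            throw new \RuntimeException(sprintf('Download of %s failed: %s', $url, $error));
        }

        return new File($filepath);
    }

    /**
     * Creates a new, empty file in the system temp dir and returns its path and open handle.
     *
     * @param string $suffix appended to the generated name (e.g. '.jpg')
     *
     * @return array{0:string, 1:resource}
     *
     * @throws \RuntimeException after repeated name collisions
     */
    protected function createTempFile($suffix)
    {
        $dir = sys_get_temp_dir();

        for ($try = 0; $try < 8; $try++) {
            $path = $dir . '/' . uniqid('media_', true) . $suffix;
            // 'x' = O_CREAT|O_EXCL: the open fails if anything already sits at $path
            // (including a symlink planted in the shared temp dir) instead of truncating
            // whatever it points to. The warning on collision is expected, hence the '@'.
            $fp = @fopen($path, 'xb');
            if ($fp !== false) {
                return [$path, $fp];
            }
        }

        throw new \RuntimeException('Unable to create a temporary file in ' . $dir);
    }

    /**
     * Looks a cached entry up and returns a private temporary copy of it, or null on a miss.
     *
     * Image buckets count as a hit only once they hold at least IMAGE_CACHE_SIZE files
     * ("at least" rather than the original "exactly", so a bucket that grew past the
     * limit stays usable); "file-*" buckets are a hit as soon as they contain anything.
     * The entry is picked uniformly among the files present (the original stepped a
     * fixed 0–2 positions and walked off the end of small buckets).
     *
     * @param string $key
     *
     * @return File|null
     */
    protected function fetchFromCache($key)
    {
        $fs = new Filesystem();
        $cacheDir = $this->cacheDirectory($key);

        if (!$fs->exists($cacheDir)) {
            $fs->mkdir($cacheDir, 0755);

            return null;
        }

        $finder = new Finder();
        $cached = iterator_to_array($finder->in($cacheDir)->files()->depth(0), false);
        $count = count($cached);

        $isFileKey = strpos($key, 'file-') !== false;
        if ($count === 0 || (!$isFileKey && $count < self::IMAGE_CACHE_SIZE)) {
            return null;
        }

        $source = $cached[array_rand($cached)];
        $target = sys_get_temp_dir() . '/' . $source->getFilename();

        try {
            // Work on a copy so neither the caller nor MediaManager touches the cache itself;
            // always overwrite, a stale temp file with the same name must not be returned.
            $fs->copy($source->getRealPath(), $target, true);

            return new File($target);
        } catch (FileNotFoundException $e) {
            // Entry vanished between listing and copy: treat it as a miss.
            return null;
        }
    }

    /**
     * Copies $file into the cache bucket for $key, creating the bucket if needed.
     *
     * @param string $key
     * @param File   $file
     */
    protected function storeInCache($key, File $file)
    {
        $fs = new Filesystem();
        $cacheDir = $this->cacheDirectory($key);

        if (!$fs->exists($cacheDir)) {
            $fs->mkdir($cacheDir, 0755);
        }

        $fs->copy($file->getRealPath(), $cacheDir . '/' . $file->getFilename());
    }

    /**
     * Absolute path of the cache root, or of the bucket for $key when one is given.
     *
     * The root lives under the user's home ($_SERVER['HOME'], then getenv('HOME'));
     * when neither is set — e.g. under some web SAPIs, where the original produced
     * an undefined-index notice and a path at the filesystem root — the system temp
     * dir is used instead. Buckets are created 0755: only this user writes fixture
     * content into them, and a world-writable directory would let any local account
     * replace what later gets uploaded. The key is reduced to [A-Za-z0-9_-] so it can
     * never escape the cache root; the keys this class builds are unaffected.
     *
     * @param string|null $key
     *
     * @return string
     */
    protected function cacheDirectory($key = null)
    {
        $home = isset($_SERVER['HOME']) ? $_SERVER['HOME'] : getenv('HOME');
        if ($home === false || $home === '') {
            $home = sys_get_temp_dir();
        }

        $dir = rtrim($home, '/') . '/.symfony/media';
        if ($key !== null) {
            $dir .= '/' . preg_replace('/[^A-Za-z0-9_-]/', '_', (string) $key);
        }

        return $dir;
    }

    /**
     * Whether the file's guessed MIME type is an image/* type.
     *
     * @param File $file
     *
     * @return bool
     */
    protected function isImage(File $file)
    {
        // Cast: getMimeType() may return null for unreadable/empty files in recent Symfony versions.
        return (bool) preg_match('@^image/@', (string) $file->getMimeType());
    }

    /**
     * Deletes a regular file if it exists; a missing file is not an error.
     *
     * @param string $path
     */
    protected function removeFile($path)
    {
        if (is_file($path)) {
            unlink($path);
        }
    }
}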